<%@ CodePage="936" LCID="2052" %>
<%
Response.Buffer = EW_RESPONSE_BUFFER
%>
<!--#include file="lc_ewcfg8.asp"-->
<!--#include file="lc_userinfo.asp"-->
<!--#include file="lc_aspfn8.asp"-->
<!--#include file="md5.asp"-->
<!--#include file="lc_userfn8.asp"-->
<% Session.Timeout = 20 %>
<%
Response.Expires = 0
Response.ExpiresAbsolute = Now() - 1
Response.AddHeader "pragma", "no-cache"
Response.AddHeader "cache-control", "private, no-cache, no-store, must-revalidate"
%>
<%

' Define page object
Dim changepwd
Set changepwd = New cchangepwd
Set Page = changepwd

' Page init processing
Call changepwd.Page_Init()

' Page main processing
Call changepwd.Page_Main()
%>
<!--#include file="lc_header.asp"-->
<script language="JavaScript" type="text/javascript">
<!--
// Write your client script here, no need to add script tags.
// To include another .js script, use:
// ew_ClientScriptInclude("my_javascript.js"); 
//-->
</script>
<script type="text/javascript">
<!--
var changepwd = new ew_Page("changepwd");
// extend page with ValidateForm function
changepwd.ValidateForm = function(fobj)
{
	if (!this.ValidateRequired)
		return true; // ignore validation
	if  (!ew_HasValue(fobj.opwd))
		return ew_OnError(this, fobj.opwd, ewLanguage.Phrase("EnterOldPassword"));
	if  (!ew_HasValue(fobj.npwd))
		return ew_OnError(this, fobj.npwd, ewLanguage.Phrase("EnterNewPassword"));
	if  (fobj.npwd.value != fobj.cpwd.value)
		return ew_OnError(this, fobj.cpwd, ewLanguage.Phrase("MismatchPassword"));
	// Call Form Custom Validate event
	if (!this.Form_CustomValidate(fobj)) return false;
	return true;
}
// extend page with Form_CustomValidate function
changepwd.Form_CustomValidate =  
 function(fobj) { // DO NOT CHANGE THIS LINE!
 	// Your custom validation code here, return false if invalid. 
 	return true;
 }
// requires js validation
<% If EW_CLIENT_VALIDATE Then %>
changepwd.ValidateRequired = true;
<% Else %>
changepwd.ValidateRequired = false;
<% End If %>
//-->
</script>
<p><span class="aspmaker"><%= Language.Phrase("ChangePwdPage") %></span></p>
<% If EW_DEBUG_ENABLED Then Response.Write changepwd.DebugMsg %>
<% changepwd.ShowMessage %>
<form action="<%= ew_CurrentPage %>" method="post" onsubmit="return changepwd.ValidateForm(this);">
<table border="0" cellspacing="0" cellpadding="4">
	<tr>
		<td><span class="aspmaker"><%= Language.Phrase("OldPassword") %></span></td>
		<td><span class="aspmaker"><input type="password" name="opwd" id="opwd" size="20"></span></td>
	</tr>
	<tr>
		<td><span class="aspmaker"><%= Language.Phrase("NewPassword") %></span></td>
		<td><span class="aspmaker"><input type="password" name="npwd" id="npwd" size="20"></span></td>
	</tr>
	<tr>
		<td><span class="aspmaker"><%= Language.Phrase("ConfirmPassword") %></span></td>
		<td><span class="aspmaker"><input type="password" name="cpwd" id="cpwd" size="20"></span></td>
	</tr>
	<tr>
		<td>&nbsp;</td>
		<td><span class="aspmaker"><input type="submit" name="submit" id="submit" value="<%= ew_BtnCaption(Language.Phrase("ChangePwdBtn")) %>"></span></td>
	</tr>
</table>
</form>
<br>
<script language="JavaScript" type="text/javascript">
<!--
// Write your startup script here
// document.write("page loaded");
//-->
</script>
<!--#include file="lc_footer.asp"-->
<%

' Drop page object
Set changepwd = Nothing
%>
<%

' -----------------------------------------------------------------
' Page Class
'
Class cchangepwd

	' Page ID
	Public Property Get PageID()
		PageID = "changepwd"
	End Property

	' Page Object Name
	Public Property Get PageObjName()
		PageObjName = "changepwd"
	End Property

	' Page Name
	Public Property Get PageName()
		PageName = ew_CurrentPage()
	End Property

	' Page Url
	Public Property Get PageUrl()
		PageUrl = ew_CurrentPage() & "?"
	End Property

	' Common urls
	Dim AddUrl
	Dim EditUrl
	Dim CopyUrl
	Dim DeleteUrl
	Dim ViewUrl
	Dim ListUrl

	' Export urls
	Dim ExportPrintUrl
	Dim ExportHtmlUrl
	Dim ExportExcelUrl
	Dim ExportWordUrl
	Dim ExportXmlUrl
	Dim ExportCsvUrl

	' Inline urls
	Dim InlineAddUrl
	Dim InlineCopyUrl
	Dim InlineEditUrl
	Dim GridAddUrl
	Dim GridEditUrl
	Dim MultiDeleteUrl
	Dim MultiUpdateUrl

	' Debug Message
	Dim m_DebugMsg

	Public Property Get DebugMsg()
		If m_DebugMsg <> "" Then
			DebugMsg = "<p>" & m_DebugMsg & "</p>"
		Else
			DebugMsg = ""
		End If
	End Property

	Public Property Let DebugMsg(v)
		If m_DebugMsg <> "" Then ' Append
			m_DebugMsg = m_DebugMsg & "<br>" & v
		Else
			m_DebugMsg = v
		End If
	End Property

	' Message
	Public Property Get Message()
		Message = Session(EW_SESSION_MESSAGE)
	End Property

	Public Property Let Message(v)
		If Session(EW_SESSION_MESSAGE) <> "" Then ' Append
			Session(EW_SESSION_MESSAGE) = Session(EW_SESSION_MESSAGE) & "<br>" & v
		Else
			Session(EW_SESSION_MESSAGE) = v
		End If
	End Property

	' Show Message
	Public Sub ShowMessage()
		Dim sMessage
		sMessage = Message
		Call Message_Showing(sMessage)
		If sMessage <> "" Then Response.Write "<p><span class=""ewMessage"">" & sMessage & "</span></p>"
		Session(EW_SESSION_MESSAGE) = "" ' Clear message in Session
	End Sub

	' -----------------------
	'  Validate Page request
	'
	Public Function IsPageRequest()
		IsPageRequest = True
	End Function

	' -----------------------------------------------------------------
	'  Class initialize
	'  - init objects
	'  - open ADO connection
	'
	Private Sub Class_Initialize()
		StartTimer = Timer ' Init start time

		' Initialize language object
		Set Language = New cLanguage

		' Initialize table object
		Set user = New cuser

		' Initialize form object
		Set ObjForm = Nothing

		' Intialize page id (for backward compatibility)
		EW_PAGE_ID = "changepwd"

		' Open connection to the database
		Call ew_Connect()
	End Sub

	' -----------------------------------------------------------------
	'  Subroutine Page_Init
	'  - called before page main
	'  - check Security
	'  - set up response header
	'  - call page load events
	'
	Sub Page_Init()
		Set Security = New cAdvancedSecurity
		If Not Security.IsLoggedIn() Then Call Security.AutoLogin()
		If Not Security.IsLoggedIn() Or Security.IsSysAdmin() Then Call Page_Terminate("lc_login.asp")
		Call Security.LoadCurrentUserLevel("user")

		' Global page loading event (in userfn7.asp)
		Call Page_Loading()

		' Page load event, used in current page
		Call Page_Load()
	End Sub

	' -----------------------------------------------------------------
	'  Class terminate
	'  - clean up page object
	'
	Private Sub Class_Terminate()
		Call Page_Terminate("")
	End Sub

	' -----------------------------------------------------------------
	'  Subroutine Page_Terminate
	'  - called when exit page
	'  - clean up ADO connection and objects
	'  - if url specified, redirect to url
	'
	Sub Page_Terminate(url)

		' Page unload event, used in current page
		Call Page_Unload()

		' Global page unloaded event (in userfn60.asp)
		Call Page_Unloaded()
		If Not (Conn Is Nothing) Then Conn.Close ' Close Connection
		Set Conn = Nothing
		Set Security = Nothing
		Set ObjForm = Nothing

		' Go to url if specified
		Dim sRedirectUrl
		sReDirectUrl = url
		Call Page_Redirecting(sReDirectUrl)
		If sReDirectUrl <> "" Then
			If Response.Buffer Then Response.Clear
			Response.Redirect sReDirectUrl
		End If
	End Sub

	'
	'  Subroutine Page_Terminate (End)
	' ----------------------------------------
	' -----------------------------------------------------------------
	' Page main processing
	'
	Sub Page_Main()
		Dim bValidPwd
		Dim bPwdUpdated, sUsername, sOPwd, sNPwd, sCPwd, sEmail, sFilter, sSql, RsUser
		If Request.Form <> "" Then
			bPwdUpdated = False

			' Setup variables
			sUsername = Security.CurrentUserName
			sOPwd = Request.Form("opwd")
			sNPwd = Request.Form("npwd")
			sCPwd = Request.Form("cpwd")
			If ValidateForm(sOPwd, sNPwd, sCPwd) Then
				sFilter = Replace(EW_USER_NAME_FILTER, "%u", ew_AdjustSql(sUsername))

				' Set up filter (Sql Where Clause) and get Return Sql
				' Sql constructor in user class, userinfo.asp

				user.CurrentFilter = sFilter
				sSql = user.SQL
				Set RsUser = Server.CreateObject("ADODB.Recordset")
				RsUser.Open sSql, Conn, 1, 2
				If Not RsUser.Eof Then
					If EW_CASE_SENSITIVE_PASSWORD Then
						If EW_MD5_PASSWORD Then
							bValidPwd = (MD5(sOPwd) = RsUser("user_pwd"))
						Else
							bValidPwd = (sOPwd = RsUser("user_pwd"))
						End If
					Else
						If EW_MD5_PASSWORD Then
							bValidPwd = (MD5(LCase(sOPwd)) = RsUser("user_pwd"))
						Else
							bValidPwd = (LCase(sOPwd) = LCase(RsUser("user_pwd")))
						End If
					End If
					If bValidPwd Then
						If Not EW_CASE_SENSITIVE_PASSWORD Then sNPwd = LCase(sNPwd)
						If EW_MD5_PASSWORD Then
							RsUser("user_pwd") = MD5(sNPwd) ' Change Password
						Else
							RsUser("user_pwd") = sNPwd ' Change Password
						End If
						RsUser.Update
						bPwdUpdated = True
					Else
						Message = Language.Phrase("InvalidPassword")
					End If
				End If
				If bPwdUpdated Then
					Message = Language.Phrase("PasswordChanged") ' set up message
					Call Page_Terminate("default.asp") ' exit page and clean up
				End If
				RsUser.Close
				Set RsUser = Nothing
			Else
				Message = gsFormError
			End If
		End If
	End Sub

	' -----------------------------------------------------------------
	' Validate form
	'
	Function ValidateForm(opwd, npwd, cpwd)

		' Initialize
		gsFormError = ""

		' Check if validation required
		If Not EW_SERVER_VALIDATE Then
			ValidateForm = True
			Exit Function
		End If
		If opwd = "" Then
			If gsFormError <> "" Then gsFormError = gsFormError & "<br>"
			gsFormError = gsFormError & Language.Phrase("EnterOldPassword")
		End If
		If npwd = "" Then
			If gsFormError <> "" Then gsFormError = gsFormError & "<br>"
			gsFormError = gsFormError & Language.Phrase("EnterNewPassword")
		End If
		If npwd <> cpwd Then
			If gsFormError <> "" Then gsFormError = gsFormError & "<br>"
			gsFormError = gsFormError & Language.Phrase("MismatchPassword")
		End If

		' Return validate result
		ValidateForm = (gsFormError = "")

		' Call Form Custom Validate event
		Dim sFormCustomError
		sFormCustomError = ""
		ValidateForm = ValidateForm And Form_CustomValidate(sFormCustomError)
		If sFormCustomError <> "" Then
			If gsFormError <> "" Then gsFormError = gsFormError & "<br>"
			gsFormError = gsFormError & sFormCustomError
		End If
	End Function

	' Page Load event
	Sub Page_Load()

		'Response.Write "Page Load"
	End Sub

	' Page Unload event
	Sub Page_Unload()

		'Response.Write "Page Unload"
	End Sub

	' Page Redirecting event
	Sub Page_Redirecting(url)

		'url = newurl
	End Sub

	' Message Showing event
	Sub Message_Showing(msg)

		'msg = newmsg
	End Sub

	' Email Sending event
	Function Email_Sending(Email, Args)

		'Response.Write Email.AsString
		'Response.Write "Keys of Args: " & Join(Args.Keys, ", ")
		'Response.End

		Email_Sending = True
	End Function

	' Form Custom Validate event
	Function Form_CustomValidate(CustomError)

		'Return error message in CustomError
		Form_CustomValidate = True
	End Function
End Class
%>
